The economics of Phishing – working fast food could earn you more

Microsoft Research has published a new report that takes an interesting look inside the criminal business of Phishing. Written by Cormac Herley and Dinei Floręncio, the report explains the economics behind the criminal enterprise, and paints a picture that is in stark contrast to what many analysts have reported in the past.

“Conventional wisdom is that Phishing represents easy money,” is how the report starts. The headlines have grabbed the attention of the masses time and time again. The headlines report that criminals -- who are often falsely labelled as hackers by the media -- are making money hand-over-fist thinks to a form of scam called Phishing.

The report from Microsoft notes a few popular stories from the past, such as the “Interview with a Phisher,” which tells the story of a teen who started Phishing because he was bored, and found it to be very easy. The teen went on to report he made upwards of $4,000 USD per day and stole over 20 million identities. His story, like the others seen in the press, back the notion that Phishing scams are easy to pull off and can yield one hell of a tidy profit.

Yet, the report points out that this is simply not the case. Based on some of the math used, the pool of money available as a direct result of Phishing schemes is mostly static. So you can assume that the more people taking part in Phishing scams, the less money there is to spread around.

To put it another way, as Phishing gets easier -- as evident from the readymade Phishing kits available for download or purchase online -- the more people likely to take part in Phishing crimes. The more people who Phish, the less money there is to be made.

The assumption of a static pool only makes sense if you don’t account for other things. The static pool theory doesn’t include teams of people who Phish together and split the profit only between themselves. It doesn’t account for criminals at the upper tiers of Phishing groups who leech from others and take more than their fair share. This could be done by inflation of services to Phishing crews such as hosting, tunnel access for VPN traffic, money laundering and exchanges, flat out extortion, etc.

The research paper does make a good argument that the more people who are aware of Phishing schemes, because such schemes are in the news all the time (community education, or simple word or mouth), the less Phishing victims there are available. This is a classic example of resource depletion.

In the end, crime doesn’t pay. Those pulling off the Phishing schemes are likely to see little to no financial gain compared to an honest worker putting in the same time and effort at a normal job. Those that do benefit are an above-average breed and not the normal Phishing criminal.

That is, unless you read research papers from established firms such as Gartner or Javelin, who report hundreds of millions of dollars lost every year because of Phishing schemes. This is in addition to the bulletins and reports from the FTC, which outline some of the same facts and figures.

In both cases, Microsoft Research said they are noisy at best, suggesting that they are sorely overinflated.

“We find that the data from widely cited victim surveys are noisier and more biased than is generally realized. It is interesting to wonder why the Gartner and FTC estimates are repeated without scrutiny when they appear noisy at best.”

Citing a paper by scholar Peter Reuter, titled, "The (Continued) Vitality of Mythical Numbers," the Microsoft Research report postulates that the often-quoted Phishing figures used by the media and taken at face value by the public is likely because of, “an interest in having the reported numbers be high, but no constituency with an interest in having those numbers be accurate.”

Adding that there is also, “an absence of scrutiny from academic researchers,” which allows this to happen.

“Finally, we would like to emphasize and re-emphasize that, even if the dollar losses are smaller than often believed, we believe that phishing is a major problem. There are many types of crime where the dollars gained by the criminal are small relative to the damage they inflict. This appears to be the case with phishing. If the dollar losses were zero the erosion of trust among web users, and destruction of email as a means of communicating would still be a major problem,” the report concludes.

Phishing is like any other criminal scheme. As the victims get smarter, the criminals will follow suit and create increasingly clever ways to defeat this new since of awareness their victims have created. The progression of Phishing into the threat it is today, started with Social Engineering, culminates in the same crime being merely wrapped in a new package.

Perhaps there will be more skepticism given to the facts and figures that are released in Phishing-related news.

Like this article? Please share on Facebook and give The Tech Herald a Like too!

From our Other Sites

An awesome picture has started doing the rounds showing a
bathroom with sinks made out of car tires and faucets created from
gas pumps. Itâ€™s the ideal bathroom for any discerning car nut. That
got us thinking â€” what other stuff is there made out of car
parts and car paraphernalia. Here are some of the coolest [â€¦]

Land Rover has officially confirmed that the Range Rover
Evoque Convertible will go on sale in 2016. The company released
some publicity photos showing a prototype of the Evoque Convertible
driving through train tunnels under construction in London. The
company says use of the Crossrail tunnels let them test the
convertible in privacy. A Land [â€¦]

The company says the standard Mercedes-AMG GT already provides
the ideal base for the race model, with low centre of gravity, good
weight distribution and wide track width.The driver sits on a
carbon-fibre seat pan and is protected by a roll-over cage made
from high-tensile steel.The engine cover, doors, front wing,
sidewalls, side skirts, diffuser, [â€¦]

Lamborghini Aventador wallpaper for your desktop or mobile
device. The Aventador LP 700â€“4 has a 6.5 liter V12 that will
go 0â€“60 mph in 2.9 seconds and take you all the way to 220mph
and maybe beyond.Each image links to a page with multiple sizes of
wallpaper you can download.

Well this one has been trending all over the web, just what
color is this dress? It all started in Scotland when the
mother of a bride-to-be sent a picture to her daughter asking what
she thought of the dress. The bride and groom each saw the image
differently, this then got posted online and picked up by some
viral sites. The lighting in the photo is probably causing
different people to see it as either white and gold or blue and
black. Prof Stephen Westland, chair of color science and
technology at a university in the UK told the BBC that it was
impossible to see what other people see but that it [â€¦]

McLarenâ€™s 675LT will debut at this yearâ€™s Geneva show and
promises some eye-popping performance. The coupe only 675LT has a
3.8 liter V8 that will get you from 0-60mph in less than 2.9
seconds and to 124mph in less than 7.9 secondsMore than a
third of the parts have been changed compared with its stable mate
[â€¦]

Some cool McLaren 675LT Wallpaper. The McLaren 675LT
is the latest coupe to come from the supercar maker and has a top
speed of 205mph.Click on an image to open a page with multiple
sizes that you can download to use as wallpaper for your mobile or
desktop.More McLaren Wallpaper.

This crab is minding its own business searching the rock pools
for food when suddenly an octopus leaps out of the water and grabs
it. The amazing thing is that the octopus does not just jump on the
crab it actually pulls it all the way back to the rock pool it came
from. If you check the second video you will see it is not unknown
for octopus to come out of the water and the one in the second
video has a crab with it, though is not hunting one! Octopus Walks
on Land at Fitzgerald Marine Reserve The video was taken by Porsche
Indrisie in Yallingup, Western [â€¦]